I have seen several variations when it comes to acquisitions and mergers, some let the new company remain a completely separate entity, who is expected to govern themselves. Others are aiming for a quick onboarding of the new company - and there are several ways to go within this category as well. Whichever strategy you apply, these different scenarios have one thing in common, or rather, one challenge in common. How can you ensure a coherent security posture across all your entities throughout the process?
From a customer standpoint, it doesn't matter if a breach or an attack hit a side business of yours. You are still at fault if things go wrong.
Even if you don’t connect the new company's network with your own, yet still choose to make it a clear part of the common company from an IT perspective, you will be responsible for any issues that may arise. From a customer standpoint, it doesn't matter if a breach or an attack hit a side business of yours. You are still at fault if things go wrong.
For the brave souls who struggle with these kinds of issues on a daily basis, this is hardly news. Companies buy, sell or merge with other companies, and they all have vastly different views on how to secure assets. This creates a gap.
So how do you bridge that gap? Be in it for the long run. As you often build in line with what you have - or at least what you are familiar with - allow yourself to be consistent. In many cases it might very well mean that you are required to ship both hardware and personnel to the geographical location of the new company in order to secure the Internet facing resources of the new family member. Even if that location is on a different continent.
This might help you comply with one policy across all your entities, but it’s hardly an efficient method over time.
This might help you comply with one policy across all your entities, but it’s hardly an efficient method over time. It can also in many cases increase the cost of the merger or acquisition. So even though you kept the companies united around one policy, you might not finish as a winner anyway. The above described strategy doesn’t tend to happen as quick and painfree as predicted. It can be a matter of weeks which sadly, in most cases, become months. But that’s only a fact after it has already happened. This leaves you in an unwanted void when it comes to ensuring that you have a solid protection for you digital assets.
Why ship something far away that will only be there for a short while?
Lastly, when IT resources are merged together, you might find yourself stuck with more hardware than required, and without a clear approach for scaling down and cut costs. This brings us back to the above mentioned fact, why ship something far away that will only be there for a short while?
And yes, we do provide a solution that ensures a coherent security posture for all your Internet facing assets, without requirements of hardware or personnel being airdropped. Whether you’re in a phase of business as usual, going through a merger or is acquiring another company.
I do hope the insights above can come in handy when going through a merger or acquisition, and thanks for reading the post!